Appl. No. 10/672,698 

Amdt. dated January 15, 2008 

Reply to Advisory Action of December 27, 2007 

This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 

Listing of Claims: 

1. (Currently Amended) A method for enrolling for 
receipt of one or more obfuscated application programs, the 
method comprising: 

issuing , from a user device to an application program 
provider, an enrollment request comprising a target ID, 
said enrollment request for receipt of one or more 
obfuscated executable application programs controlled by 
as said application program provider, said target ID 
specifying [[a]] said user device configured to execute 
said one or more obfuscated executable application 
programs for one or more services; 

obtaining , on said user device from said application 
program provider, a secret in response to said issuing; 

associating , on said user device, said secret with 
said application program provider, said secret for use in 
executing said one or more obfuscated executable 
application programs; and 

receiving, from said application program provider 
following said obtaining, said one or more obfuscated 
executable application programs, 

wherein said user device comprises a smart -card 

and said smart-card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 

2. (Cancelled) 
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3. (Currently Amended) A method for enrolling for 
receipt of one or more obfuscated application programs, the 
method comprising: 

receiving an enrollment request, by an application 
program provider from a user device, comprising a target 
ID, said enrollment request for receipt of one or more 
obfuscated application programs, said target ID specifying 
said user device, said user device configured to execute 
said one or more obfuscated application programs; 

determining , by said application program provider, a 
secret in response to said request; 

associating , by said application program provider, 
said secret with said target ID following said determining 
and authentication of said enrollment request; and 

transferring said secret from said application 
provider to said user device^ 

wherein said user device comprises a smart -card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 

4. (Original) The method of claim 3 wherein said 
determining and said transferring form part of a key exchange 
protocol . 



5. (Cancelled) 



6. (Cancelled) 

7. (Cancelled) 
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8. (Currently Amended) A method for application program 
obfuscation, the method comprising: 
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determining , by an application program provider, a 
current obfuscation method based at least in part on a 
target ID, said target ID specifying a user device 
configured to execute said obfuscated application program; 

creating , by said application program provider, an 
obfuscated application program based at least in part on 
said current obfuscation method; and 

sending said obfuscated application program from said 
application program provicer to said user device^ 

wherein said user device comprises a smart-card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 

9. (Original) The method of claim 8, further comprising 
receiving an application program request from said user device, 
said determining occurring in response to said receiving. 

10. (Original) The method of claim 8 wherein 

said method further comprises, after said creating, 
applying a cryptographic process to said obfuscated 
application program together with a cryptographic key to 
create an encrypted obfuscated application program; and 

said sending comprises sending said encrypted 
obfuscated application program. 



11. (Cancelled) 
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12. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for enrolling for 
receipt of one or more obfuscated application programs, the 
method comprising: 
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issuing , from a user device to an application program 
provider, an enrollment request comprising a target ID, 
said enrollment request for receipt of one or more 
obfuscated executable application programs controlled by 
an said application program provider, said target ID 
specifying [[a]] said user device configured to execute 
said one or more obfuscated executable application 
programs for one or more services; 

obtaining , on said user device from said application 
program provider, a secret in response to said issuing; 

associating , on said user device, said secret with 
said application program provider, said secret for use in 
executing said one or more obfuscated executable 
application programs; and 

receiving, from said application program provider 
following said obtaining, said one or more obfuscated 
executable application programs, 

wherein said user device comprises a smart -card 

and said smart-card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 



13. (Cancelled) 
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14. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for enrolling for 
receipt of one or more obfuscated application programs, the 
method comprising: 

receiving an enrollment request, by an application 
program provider from a user device, comprising a target 
ID, said enrollment request for receipt of one or more 
obfuscated application programs, said target ID specifying 
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said user device, said user device configured to execute 
said one or more obfuscated application programs; 

determining , by said application program provider, a 
secret in response to said request; 

associating , by said application program provider, 
said secret with said target ID following said determining 
and authentication of said enrollment request; and 

transferring said secret from said application 
provider to said user device^ 

wherein said user device comprises a smart-card 

and said smart-card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID 

15. (Original) The program storage device of claim 14 
wherein said determining and said transferring form part of a 
key exchange protocol . 

16. (Cancelled) 

17. (Cancelled) 



18. (Cancelled) 



19. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for application 
program obfuscation, the method comprising: 

determining , by an application program provider, a 
current obfuscation method based at least in part on a 
target ID, said target ID specifying a user device 
configured to execute said obfuscated application program; 
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creating , by said application program provider, an 
obfuscated application program based at least in part on 
said current obfuscation method; and 

sending said obfuscated application program from said 
application program provicer to said user device^ 

wherein said user device comprises a smart-card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID , 



20. (Original) The program storage device of claim 19, 
said method further comprising receiving an application program 
request from said user device, said determining occurring in 
response to said receiving. 

21. (Original) The program storage device of claim 19 
wherein 

said method further comprises, after said creating, 
applying a cryptographic process to said obfuscated 
application program together with a cryptographic key to 
create an encrypted obfuscated application program; and 

said sending comprises sending said encrypted 
obfuscated application program. 

22. (Cancelled) 
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23. (Currently Amended) An apparatus for enrolling for 
receipt of one or more obfuscated application programs, the 
method comprising: 

means for issuing , from a user device to an 
application program provider, an enrollment request 
comprising a target ID, said enrollment request for 
receipt of one or more obfuscated executable application 
programs controlled by o*i said application program 
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provider, said target ID specifying [[a]] said user device 
configured to execute said one or more obfuscated 
executable application programs for one or more services; 

means for obtaining , on said user device from said 
application program provider, a secret in response to said 
issuing; 

means for associating , on said user device, said 
secret with said application program provider, said secret 
for use in executing said one or more obfuscated 
executable application programs; and 

means for receiving, from said application program 
provider following said obtaining, said one or more 
obfuscated executable application programs, 

wherein said user device comprises a smart -card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 



24. (Cancelled) 
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25. (Currently Amended) An apparatus for enrolling for 
receipt of one or more obfuscated application programs, the 
apparatus comprising: 

means for receiving an enrollment request, by an 
application program provider from a user device, 
comprising a target ID, said enrollment request for 
receipt of one or more obfuscated application programs, 
said target ID specifying said user device, said user 
device configured to execute said one or more obfuscated 
application programs; 

means for determining , by said application program 
provider, a secret in response to said request; 

means for associating , by said application program 
provider, said secret with said target ID following said 
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determining and authentication of said enrollment request; 
and 

means for transferring said secret from said 
application provider to said user device^ 

wherein said user device comprises a smart -card 
and said smart-card comprises a virtual machine (VM) ; 
and 

said target ID comprises a VM ID . 

26. (Original) The apparatus of claim 25 wherein said 
determining and said transferring form part of a key exchange 
protocol . 

27. (Cancelled) 

28. (Cancelled) 



29. (Cancelled) 

30. (Currently Amended) An apparatus for application 
program obfuscation, the apparatus comprising: 

means for determining , by an application program 
provider, a current obfuscation method based at least in 
part on a target ID, said target ID specifying a user 
device configured to execute said obfuscated application 
program; 

means for creating , by said application program 
provider, an obfuscated application program based at least 
in part on said current obfuscation method; and 

means for sending said obfuscated application program 
from said application program provicer to said user 
device, 
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wherein said user device comprises a smart-card 
and said smart-card comprises a virtual machine (VM) ; 
and 

said target ID comprises a VM ID . 

31. (Original) The apparatus of claim 30, further 
comprising means for receiving an application program request 
from said user device, said determining occurring in response 
to said receiving. 

32. (Original) The apparatus of claim 30 wherein 

said apparatus further comprises means for applying a 
cryptographic process to said obfuscated application 
program together with a cryptographic key to create an 
encrypted obfuscated application program, said means for 
applying responsive to said creating; and 

said means for sending comprises means for sending 
said encrypted obfuscated application program. 

33. (Cancelled) 

34. (Currently Amended) An apparatus for enrolling for 
receipt of one or more obfuscated application programs, the 
apparatus comprising a deobfuscator configured to: 

issue an enrollment request comprising a target ID, 
said enrollment request for receipt of one or more 
obfuscated executable application programs controlled by 
an application program provider, said target ID specifying 
a user device configured to execute said one or more 
obfuscated executable application programs; 

obtain a secret in response to said issuing; and 
associate said secret with said application program 
provider, said secret for use in executing said one or 
more obfuscated executable application programs; and 
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receive, from said application program provider 
following said obtaining, said one or more obfuscated 
executable application programs^ 

wherein said user device comprises a smart -card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 



35. (Cancelled) 



36. (Currently Amended) An apparatus for enrolling for 
receipt of one or more obfuscated application programs, the 
apparatus comprising an obfuscator configured to: 

receive an enrollment request, from a user device, 
comprising a target ID, said enrollment request for 
receipt of one or more obfuscated application programs, 
said target ID specifying said user device, said user 
device configured to execute said one or more obfuscated 
application programs; 

determine a secret in response to said request; 

associate said secret with said target ID following 
said determining and authentication of said enrollment 
request; and 

transfer said secret to said user device^ 

wherein said user device comprises a smart -card 

and said smart -card comprises a virtual machine (VM) ; 

and 

said target ID comprises a VM ID . 

37. (Original) The apparatus of claim 3 6 wherein said 
determining and said transferring form part of a key exchange 
protocol . 
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38. (Cancelled) 
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39. (Cancelled) 



40 



(Cancelled) 



41. (Currently Amended) An apparatus for application 
program obfuscation, the apparatus comprising an obfuscator 
configured to: 

determine a current obfuscation method based at least 
in part on a target ID, said target ID specifying a user 
device configured to execute said obfuscated application 
program; 

create an obfuscated application program based at 
least in part on said current obfuscation method; and 

send said obfuscated application program to said user 
device^ 

wherein said user device comprises a smart -card 
and said smart -card comprises a virtual machine (VM) ; 
and 

said target ID comprises a VM ID . 

42. (Original) The apparatus of claim 41, said 
obfuscator further configured to receive an application program 
request from said user device and perform said determining in 
response to said receiving. 
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43. (Original) The apparatus of claim 41 wherein 

said obfuscator is further configured to apply a 
cryptographic process to said obfuscated application 
program together with a cryptographic key to create an 
encrypted obfuscated application program; and 

said obfuscator is further configured to send said 
encrypted obfuscated application program. 
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44. (Cancelled) 



45. (Cancelled) 



46. (Cancelled) 



47. (Cancelled) 



48. (Cancelled) 
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